Hackers backed by China’s military are believed to have carried out repeated attacks on the New York Times’ cyber infrastructure, according to new claims by the newspaper. It believes that the attacks began around four months ago, and are likely to be retaliation for an exposé it ran on the vast wealth accumulated by previous leader Wen Jiabao and his family.
The New York Times says that the hackers have stolen the corporate passwords of every single one of its employees, while the personal devices of 53 of its employees were also hacked. It says that it stumbled upon the infiltration after observing “unusual activity” within its systems, prompting an investigation by security experts. The paper believes that it has now successfully expelled the infiltrators.
The attacks began after the Chinese were apparently forewarned of reporter David Barboza’s investigation into the financial affairs of Wen Jiabao’s family. The New York Times believes that the hackers were initially searching for information on Barboza’s sources and contacts, but the attacks were escalated after his story was published in October.
To discover who was behind the attacks, the New York Times sought the services of Mandiant, a specialist computer security firm. Mandiant’s investigators quickly detected the attackers’ presence, blocking them from accessing the paper’s most important files, whilst attempting to trace their origin.
NYT reporter Nicole Perlroth quotes executive editor Jill Abramson as saying there is “no evidence that sensitive files or emails relating to the articles about the Wen family were accessed”.
Mandiant believes that the methods employed by the hackers – using email malware, installing custom software to target specific individuals, rerouting attacks through university computers, and switching IPs – are the signature tactics of China’s military.
Unsurprisingly, when asked to comment on the allegations, China’s Ministry of National Defense vehemently denied responsibility for the attacks:
“Chinese laws prohibit any action including hacking that damages Internet security. To accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless,” said a spokesperson for the ministry.
It might be ‘unprofessional’ to accuse China of being behind the attacks, but state-sponsored hacking has reared its head in the past, with the US and Israel being accused of creating the infamous Flame, Stuxnet and Duqu viruses to attack Iranian nuclear facilities. Meanwhile, Iran was recently accused of directing a massive DDoS attack against US banks, while it is also believed to have carried out an attack on the BBC last year.
In addition, the US has been paranoid about Chinese attacks on its systems for some time now, with the US-China Economic and Security Review Commission labelling the country the “most threatening actor in cyberspace” last year, while Chinese firms Huawei and ZTE have both been accused of ‘spying’ on American companies.
While The New York Times has managed to fend off this latest attack, its security team warned that it could be at risk of further infiltrations in the future.
Richard Bejtlich, Chief Security Officer of Mandiant, told the paper that “this is not the end of the story”.
“Once they take a liking to a victim, they tend to come back. It’s not like a digital crime case where the intruders steal stuff and then they’re gone. This requires an internal vigilance model,” he warned.